[GNAP] Implementation Status

Justin Richer <jricher@mit.edu> Mon, 31 January 2022 21:37 UTC

To: GNAP Mailing List <txauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/jD5rw3ycm3-t-e8Omad5uOOC5oI>

Hi everyone,

Ahead of the IETF 113 Hackathon, we’d like to collect a list of tools that implementors can use for building GNAP. These can either be implementations of GNAP itself (either in whole or some component or subset), or libraries that can be used to implement things needed in GNAP, like HTTP Message Signatures or Subject Identifiers or JOSE. I’ll start off this thread with the tools that I personally know about, and we are asking for everyone else to chime in with their own additions.


- XYZ: A Java implementation (based on Spring) of an AS, RS, and webserver-based client instance. The UX is written in React against a Spring-based backend API. Supports HTTP Signing and JOSE methods. There was a React-based SPA implementation in there as well but it hasn’t been kept up to date. https://github.com/bspk/oauth.xyz-java

HTTP Signatures:

- Go library (from Yaron Sheffer). https://github.com/yaronf/httpsign
- Python implementation behind https://httpsig.org/ demo site: https://github.com/bspk/httpsig-org/tree/main/backend
- Rust library (known to be incomplete — also note this is a branch on a fork): https://github.com/dskyberg/http-signatures/tree/ietf-httpbis-skyberg

HTTP Structured Fields (used with signatures):

- Python: https://pypi.org/project/http-sfv/
- Java: https://github.com/reschke/structured-fields

Subject Identifiers:

- Java: https://github.com/sailpoint-oss/ietf-subject-identifiers-model


I don’t think it’s really worth listing all of the JOSE implementations out there, as there are so many. That said, many that are written as purely JWT libraries don’t like you to provide your own unencoded (or pre-encoded) payload body, which is required with GNAP’s use of JWS for key proofing.

Please submit your additions to the mailing list. We’ll be collecting this list and making it available to Hackathon participants. The editors also plan to incorporate this information in a future version of the spec as an “implementation status” section, as discussed in this issue: https://github.com/ietf-wg-gnap/gnap-core-protocol/issues/258

 — Justin